# Circular-Secure Encryption from Decision Diffie-Hellman

CRYPTO, (2008): 108-125

We describe a public-key encryption system that remains secure even when encrypting messages that depend on the secret keys in use. In particular, it remains secure under a "key cycle" usage, where we have a cycle of public/secret key-pairs $({\rm pk}_i, {\rm sk}_i)$ for $i = 1, \dots, n$, and we encrypt each ${\rm sk}_i$ under ${\rm pk}_{(i \bmod n)+1}$. Such usage scenarios ...

• Secure encryption is arguably the most basic task in cryptography, and significant work has gone into defining and attaining it.
• The danger of encrypting messages that the adversary cannot find on its own was already noted more than two decades ago by Goldwasser and Micali [10, §5.1].
• Supported by NSF and the Packard Foundation.
• Supported by IBM Faculty Award, Xerox Innovation Group Award, NSF grants 0430254, 0716835, 0716389 and U.C. MICRO grant

• We presented the first encryption system that can be proved to be n-circular secure under chosen-plaintext attack in the standard model.
• Security is based on the Decision Diffie-Hellman assumption and holds even if the adversary is given affine functions of the secret keys.

• The authors' main result is a public-key system that is circular-secure in the standard model under the Decision Diffie-Hellman assumption.
• The authors' system tolerates the adversary seeing encryption cliques without compromising security.
• The difficulty in constructing such a system is the simulation of an encryption clique without knowledge of any of the secret keys.
• The authors point out that one may be tempted to use a Cramer-Shoup-like construction and simulation [7] to prove n-circular security.
• A Cramer-Shoup simulator is in possession of all secret keys and can use them to create an encryption clique to give to the adversary.
• The problem is that the simulator has to embed the DDH challenge into the circular clique, but it is difficult to do so while creating a valid clique.

• Proving that the system is circular secure is somewhat involved.
• The authors give some intuition for the construction and its proof.
• The authors constructed in Section 5 a simple system that is weakly secure, but breaks completely once a key-cycle is published.
• An important remaining problem is to obtain circular security against chosen ciphertext attacks.
• Other interesting problems are to improve the performance of the system, and to construct a semantically secure system that becomes insecure once an n-encryption cycle is published.

• Adão, P., Bana, G., Herzog, J., Scedrov, A.: Soundness of formal encryption in the presence of key-cycles. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 374–396. Springer, Heidelberg (2005)
• Bellare, M., Namprempre, C.: Authenticated encryption: relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)
• Bellare, M., Rogaway, P.: Encode-then-encipher encryption: How to exploit nonces or redundancy in plaintexts for efficient encryption. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 317–330. Springer, Heidelberg (2000)
• Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)
• Boneh, D., Boyen, X., Shacham, H.: Short group signatures. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 41–55. Springer, Heidelberg (2004)
• Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)
• Cramer, R., Shoup, V.: A practical cryptosystem provably secure under chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)
• Dolev, D., Dwork, C., Naor, M.: Non-malleable cryptography. SIAM Journal on Computing 30(2), 391–437 (2000)
• Erdős, P., Hall, R.: Probabilistic methods in group theory II. Houston Journal of Mathematics 2, 173–180 (1976)
• Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28(2), 270–299 (1984)
• Haitner, I., Holenstein, T.: On the (im)possibility of key dependent encryption. Cryptology ePrint Archive (2008), http://eprint.iacr.org/2008/164
• Halevi, S., Krawczyk, H.: Security under key-dependent inputs. In: Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS) (2007), http://eprint.iacr.org/2007/315
• Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A pseudorandom generator from any one-way function. SIAM Journal on Computing 28(4), 1364–1396 (1999)
• Hofheinz, D., Kiltz, E.: Secure hybrid encryption from weakened key encapsulation. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 553–571. Springer, Heidelberg (2007)
• Hofheinz, D., Unruh, D.: Towards key-dependent message security in the standard model. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 108–126. Springer, Heidelberg (2008)
• Katz, J., Yung, M.: Unforgeable encryption and adaptively secure modes of operation. In: Schneier, B. (ed.) FSE 2000. LNCS, vol. 1978, pp. 284–299. Springer, Heidelberg (2001)
• Krawczyk, H.: The order of encryption and authentication for protecting communications (or: How secure is SSL?). In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 310–331. Springer, Heidelberg (2001)
• Laud, P., Corin, R.: Sound computational interpretation of formal encryption with composed keys. In: Lim, J.-I., Lee, D.-H. (eds.) ICISC 2003. LNCS, vol. 2971, pp. 55–66. Springer, Heidelberg (2004)
• Rackoff, C., Simon, D.: Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 433–444. Springer, Heidelberg (1992)
• Shacham, H.: A Cramer-Shoup encryption scheme from the Linear assumption and from progressively weaker Linear variants. Cryptology ePrint Archive (2007), http://eprint.iacr.org/2007/074
• Shoup, V.: A Computational Introduction to Number Theory and Algebra. Cambridge University Press, Cambridge (2005)